Home / Technology / Horror story about the SIM card swap: I lost decades of data and Google does not lift the finger

Horror story about the SIM card swap: I lost decades of data and Google does not lift the finger



The most pirated passwords: is yours one of them?
Your name, your favorite football team and your favorite group: The UK National Cyber ​​Security Center has published a list of the 100,000 most commonly used passwords in data breaches. Learn more: https://zd.net/2UYNnKP

On Monday, June 10th, at 11:30 pm, my eldest daughter shook my shoulder to wake me up from a deep sleep. She said that it seemed like my Twitter account had been hacked. It turns out that things were much worse than that.

After getting out of bed, I picked up my iPhone XS Apple and saw a text message saying, "T-Mobile Alert: the SIM card for xxx-xxx-xxxx has been changed. change is not allowed, call 611. "Well, considering how T-Mobile took my cell service, I could not call 611 for help, so that's a worthless message. Fortunately, at the time, I always had a Google Fi SIM card in a 3 XL Pixel. I called T-Mobile to tell them that my physical SIM card was still in my iPhone and I did not allow any changes to my account.

Also: A wave of SIM card swap attacks hits US cryptocurrency users

I was able to have T-Mobile assign my phone number and service to my phone by giving them the SIM card identification number and then asking them to send an SMS. at one of four other phone numbers in my account. verification code. I asked why they would allow someone to call and take my SIM card without my approval. The representative stated that they could not discriminate or tell who was who on the phone and as long as key information was provided, an exchange could be allowed. Everything seemed to be going well for T-Mobile at that time, but I still had to go and find out what was going on with Twitter and later Google.

Twitter's woes

I started using Twitter in 2006 to coordinate meetings with other mobile technology writers and last week I had nearly 10,000 subscribers with a Twitter check. My Twitter user number is number 2 821 and I've posted about 30,000 tweets in the last 13 years. For the moment, all that has been removed.

Since my Twitter counted a bit for me, mainly for writing mobile technologies and the friendships I've developed over the years on Twitter, I made sure that the two-way authentication factors (2FA) was enabled with this service. It turns out that 2FA with text messaging sent on a cell phone may be useless when hackers steal your SIM card under your feet.

Also: Two-factor authentication: an aide-memoire TechRepublic

Twitter has a form that you must complete if your account has been stolen, but your email address assigned to this Twitter account must work. Even when I found my cell phone, sending a code to this number still does not allow me to access Twitter. I'm stuck in a hellish circle with Twitter and Google right now and Twitter support will not work with me by any other means to solve the situation.

Although Twitter is a free service, I would still expect to receive some assistance from someone who has had the same account for 13 years and can have my identity verified by thousands of people. If I can not get my Twitter account, stay tuned for a new account that I will have to rebuild from scratch.

Google woes

Since Twitter would not work with me until my Google Account had been restored, I went to try and reset my Google Services password. It turns out that the hacker had a few hours ahead of me and that he had already changed most of the check fields that I had set up to reset my password. If you have a Google Account, I recommend that you set your settings and set the following items in case you need to reset your password for a stolen account:

  • Google Authenticator
  • Cell phone number for text code
  • 8-digit backup code
  • Another phone number associated with your account
  • Email recovery
  • Month and year of using Gmail

I had some of this information, but the hacker changed everything in the list above, with the exception of an email address that I still controlled. Over the past week, I used this email to fill out the form for Google every day, adding many more details about the situation, but I have not been able to get Google to continue. the process of recovering my account.

A few days ago, a message appeared on my Pixel 3 XL indicating that my Google Fi SIM card had been disabled. I've been using Google Fi for a few years and lately I'm enjoying a $ 200 credit after I bought my wife's Google Pixel 3. There is actually a number for Google Fi representatives, but repeated calls about them reveal that nothing can be done without access. on my Gmail account. My Google Fi number and my long-standing service credit are now at risk of disappearing forever.

Also: How to use Google's Project Fi cellular service with any smartphone TechRepublic

I may have been naive, but I had saved a lot of personal information on Google Drive. This included tax returns, my wife's death account passwords, personal documents and spreadsheets, as well as anything I had paper copies at home. Since I'm changing computers, sharing data with others, and wanting backups in case my house burns down, I've relied on cloud services to store my data. I have to admit that I am a bit panicked right now and that this data may be transferred to external hard drives and paper.

We pay for Google Drive, Google Fi and Google Play Movies, so I hoped that there would be a level of customer service for paying customers. There is no phone number available for customers who pay for services or those who use only free services. Google is proud to collect my information and use it to improve search results. Thus, it contains all kinds of information on how I conduct my daily life, including the monitoring of each of my movements, the follow-up of my business trips, the list of people I contact on a daily basis, and much more. again. You would think that it would be smart enough to see when a stranger appears and completely changes the information in my account.

According to Gmail, my Google Account has now been deleted. Therefore, I no longer try to reset the password, but rather try to recover my account. I have countless people working in public relations, friends, family and others who are part of my long history of Gmail and who currently can not access any of this information. I also have thousands of photos that may be lost forever if Google does not want me to recover my account.

If anyone has any information on how I can honestly verify my identity by Google and recover my deleted account, I would very much like you to leave a comment below.

$ 25,000 for Bitcoin

Since I had 2FA enabled for my bank account and bank account information on Google Drive, it was only a matter of time before the thief started stealing my money. While my wife worried about the loss of my Twitter account and my Google account, that's only when the criminal used my bank account to buy $ 25,000 in Bitcoin that she's gone crazy.

Initially, my bank withdrew the money from my accounts. So we called to tell them that it was a fraud. We were told that the bank would investigate, but our accounts could be blocked up to 45 days. As a result, we immediately asked all family members to go to the ATM to get the maximum amount of cash to pay the bills. We also had to call all the new graduates to whom we gave checks for gifts so as not to cash them yet. It was an extremely stressful week and the adventure is not over yet.

Also: Bitcoin blues: It's how much currency was stolen last year

After a few days, our bank canceled the $ 25,000 charge and told us that the fraud department had intercepted the ACH withdrawal before it was fully processed, so neither my family nor the bank will not lose this money forever. My first instinct was to change my bank account numbers, but then I realized that every person and every company that I wrote a check had the same information, which is why I trust the bank to protect my assets.

T-Mobile woes and success

My T-Mobile SIM card was stolen for the first time on Monday, June 10, and I was able to get the company to give it back to me that night. I left for a business trip, actually Garmin Fitness Retreat, in Whitefish, Montana on Tuesday, June 11th. While I enjoyed dinner with the band Tuesday night after arriving in Montana, I was stressed the next morning because my Google account was so poorly known. Fortunately, the nice Garmin representative was sensitive to my situation and took me to town so I could get a T-Mobile connection and try to lock everything up.

I arrived in the middle of Whitefish, but for some reason, I still had no T-Mobile cellular service. I have turned on and off the airplane mode without success. It was also at that time that I discovered that the hacker had disabled my Google Fi service. So I could not call T-Mobile to find out what was going on. I found a local Safeway store with free Wi-Fi and then contacted my wife via Facebook Messenger. Through all these hacks, it was interesting that Facebook was the only reliable and secure service under my control.


Read more


While she was connected to my wife via Facebook Messenger, she contacted T-Mobile on my daughter's mobile phone while she was at home. T-Mobile then confirmed that he had again removed my SIM card and gave it to someone else. I became furious on hearing this and told them that my same SIM card was still in my iPhone XS and that I wanted T-Mobile to stop giving it and let it be associated with the physical SIM card on my phone. It was said that this request was not possible, but that notes could be added to my account. While I had a PIN code associated with my SIM card, I still did not know how the thief had managed to overtake that the first time, I changed this PIN during the call.

Fortunately, I have a good friend at T-Mobile who was very concerned about my fate and who was able to get someone to contact me so I could demand that my SIM card could not be changed unless someone enters the store with at least one means of physical identification. Since this requirement has been associated with my account, my T-Mobile service has remained under my control.

Lost services?

Unfortunately, my Google Account was linked to a number of services, including Google Chrome, and I had saved hundreds of account passwords in Chrome that the criminal now had in his possession. The first night, I immediately changed the email address and password of all accounts related to financial data. In the days that followed, I changed all the accounts I could think of.

Also: Verizon wants to lock phones to protect consumers CNET

A practical tip that served me well, in connection with my role as a mobile technology examiner, was to start one of my test phones and leave it in airplane mode. I then went on Chrome by phone to view all the sites on which I had accounts and saved passwords. The thief could potentially divert all this, which is why I meticulously reviewed them last week.

Unfortunately, some services and websites do not allow me to change my password or the email address associated with the service without having access to my Gmail account with which I was subscribed for these services. Thus, I currently have no access to services such as Redbox and Movies Anywhere, in addition to Twitter and Google, of course.

Recommendations for your safety

In addition to contacting T-Mobile, Google (useless) and Twitter (useless), I recommended that you take the following steps:

  • File a police report with the local authorities
  • Activate a freeze and credit fraud alert with the three credit reporting agencies
  • Complete a report with the Federal Trade Commission
  • Make sure your financial institutions are aware of the possible theft of identity
  • Change the e-mail address and passwords of all accounts that can be connected to the stolen account
  • Remember to use an email and password to log in to accounts rather than simply relying on Facebook, Google or Twitter as the global identifier for the services. If a service is stolen, you can reduce everything as I did.
  • Use password management software or let your device, like an iPhone, help you create extremely long and complicated passwords. I'm now exploring some of these tools to increase the security level of all my accounts.
  • Close old accounts that you never use. By browsing through my saved Chrome data, I have found many accounts and services that I no longer use, but they are all likely to be damaged by the hacker.
  • Although two-factor authentication is a minimum standard, look for options other than sending a text message for verification purposes. If you fly your SIM card as I did, 2FA is worthless.

Look also: How to protect against an attack by SIM card swap via WIRED

I have considered changing my bank account number, social security number and other vital accounts to live and work in the United States. I am also panicked about using cloud services. My current strategy is to use OneDrive only for photo backup while writing my passwords on paper and leaving the rest of the cloud behind.

If anyone has any tips on how to recover my Google and Twitter accounts, I would greatly appreciate your comments. In addition, if you have any other advice on what to do before and after a security breach, I would like to hear more in the comments.


Source link